Do you have any access logs on the server? Or can you enable them? Examine your logs and see what the bots are accessing, then block that?
Self-Hosted Main
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
For Example
- Service: Dropbox - Alternative: Nextcloud
- Service: Google Reader - Alternative: Tiny Tiny RSS
- Service: Blogger - Alternative: WordPress
We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.
Useful Lists
- Awesome-Selfhosted List of Software
- Awesome-Sysadmin List of Software
I know, I know 'BuT It's NOt seLFhOStEd!' but I just let the pros deal with bots and front that kind of stuff with Cloudflare.
If you've privacy concerns you can always have that one thing on a specific subdomain and only enable Cloudflare on that, whilst keeping the rest of your subdomains unproxied.
Alternatively can't you add a capture (again, giving up a bit of privacy).
This is one of the cases where there’s a real practical advantage to having a reverse proxy in front of your site/software. The proxy could be configured very easily to drop any access to that specific URL .